cisco rv215w_firmware 未进行输入大小检查的缓冲区拷贝（传统缓冲区溢出）

admin

0
文章

0
评论

2023-11-30 06:44:20 Ali_nvd 来源：ZONE.CI 全球网 0 阅读模式

cisco rv215w_firmware 未进行输入大小检查的缓冲区拷贝（传统缓冲区溢出）

CVE编号

CVE-2022-20890

利用情况

暂无

补丁情况

N/A

披露时间

2022-07-21

漏洞描述

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.

解决建议

建议您更新当前系统或软件至最新版，完成漏洞的修复。

参考链接
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-s...

受影响软件情况

1
#	类型	厂商	产品	版本	影响面
	运行在以下环境
	应用	cisco	application_extension_platform	1.0.3.55	-
	运行在以下环境
	系统	cisco	rv110w_firmware	1.0.3.55	-
	运行在以下环境
	系统	cisco	rv110w_firmware	1.2.2.8	-
	运行在以下环境
	系统	cisco	rv110w_firmware	1.3.1.7	-
	运行在以下环境
	系统	cisco	rv130w_firmware	1.0.3.55	-
	运行在以下环境
	系统	cisco	rv130w_firmware	1.2.2.8	-
	运行在以下环境
	系统	cisco	rv130w_firmware	1.3.1.7	-
	运行在以下环境
	系统	cisco	rv130_firmware	1.0.3.55	-
	运行在以下环境
	系统	cisco	rv130_firmware	1.2.2.8	-
	运行在以下环境
	系统	cisco	rv130_firmware	1.3.1.7	-
	运行在以下环境
	系统	cisco	rv215w_firmware	1.0.3.55	-
	运行在以下环境
	系统	cisco	rv215w_firmware	1.2.2.8	-
	运行在以下环境
	系统	cisco	rv215w_firmware	1.3.1.7	-
	运行在以下环境
	硬件	cisco	rv110w	-	-
	运行在以下环境
	硬件	cisco	rv130	-	-
	运行在以下环境
	硬件	cisco	rv130w	-	-
	运行在以下环境
	硬件	cisco	rv215w	-	-